Galois/Counter Mode
From Wikipedia, the free encyclopedia
GCM mode (Galois/Counter Mode) is a mode of operation for symmetric key cryptographic block ciphers. It is an authenticated encryption algorithm designed to provide both authentication and privacy. GCM mode is defined for block ciphers with a block size of 128 bits.
Contents |
[edit] Encryption and authentication
As the name suggests, GCM mode combines the well-known counter mode of encryption with the new Galois mode of authentication. The key feature is that the Galois field multiplication used for authentication can be easily computed in parallel thus permitting higher throughput than the authentication algorithms that use chaining modes, like CBC.
GCM mode was designed by John Viega and David A. McGrew as an improvement to Carter-Wegman Counter CWC mode.
GCM mode is used in the IEEE 802.1AE (MACsec) Ethernet security, ANSI (INCITS) Fibre Channel Security Protocols (FC-SP), IEEE P1619.1 tape storage, and IETF IPSec standards.
[edit] Performance
GCM requires one block cipher operation and one 128-bit multiplication in the Galois field per each block (128 bit) of encrypted and authenticated data.
[edit] Patents
According to the authors' statement, GCM is unencumbered by patents.
[edit] See also
[edit] External links
- RFC 4106: The Use of Galois/Counter Mode (GCM) in IPsec Encapsulating Security Payload (ESP)
- IEEE 802.1AE - Media Access Control (MAC) Security
- IEEE Securtiy in Storage Working Group works on P1619.1 standard; the latest draft can be obtained from the mailing list archives.
- INCITS T11 Tecnical Committee works on Fiber Channel - Security Protocols project.
- GCM IP Core from IP Cores
[edit] References
- NIST Special Publication 800-38D DRAFT (April, 2006) Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) for Confidentiality and Authentication